Welcome to ERP-Talk Community
For first time users please create an account
How important is it to have a security plan as part of a major project?
The Security team’s goal is to make sure that working with the project team, the pieces of the puzzle fit together, allowing users the correct access to perform their jobs and provide the organization a configuration that yields clean SOX and overall audit reviews. So, when the pieces ‘fit’, then the user does not have inappropriate access. The bad scenario is that since there isn’t a comprehensive view of the security strategy, the user access is incomplete and inoperable.
New implementations as well as major initiatives would benefit greatly by incorporating the Security Team, the Business and the SME (Subject Matter Expert) during all phases of the project. Tools like All Out Security (AOS) help provide immediate feedback for proposed solutions. Additionally, it will keep the team informed if the approach being taken will create SOX conflicts as well as needlessly exposing Critical Access programs. Two major problem areas that are easily avoided by confronting them early and making the decisions at that time.
Other benefits also arise from having the Security team involved in all phases of the project. Even if there are no action items, it is informational and can be surprisingly beneficial. The project team collaborates on the strategy as each area is built, which seems like a great deal of work up front, but it is work that will be saved on the back end when Go-Live dates are quickly approaching. This means the questions and decisions have to be made under stress. Additionally, as each function is reviewed, built, and secured, there tends to be a more consistent approach and manner of implementation. The widespread use of granting *ALL access during the project, while it facilitates those nagging ‘not authorized’ messages, also hides the fact that security still needs to be implemented.